CVE-2017-12160 in KeyCloak

Information

Summary (English)

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.


Reserved

01.08.2017

Disclosure

26.10.2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

Sources
